Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Half network performance compared to clean FreeBSD

    General pfSense Questions
    3
    4
    980
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MrCCL
      last edited by

      I only get half network performance doing a simple bandwidth test on the LAN side using iperf3,  and this is on a clean pfsense install.
      If I do a clean install of FreeBSD I get full bandwidth, i.e. more than 100MB/s.

      
router to client
[  4]   9.00-10.00  sec  37.0 MBytes   310 Mbits/sec

client to router
[  4]   9.00-10.00  sec  49.8 MBytes   418 Mbits/sec

      What does pfsense change/modify in regards to the basic network setup on FreeBSD that is likely to have this effect?
      Or do you have any other clues what to do?

      Hardware
      SuperMicro X7SPE-H (Atom D510, chipset Intel ICH9R, 2xIntel 82574L NICs)

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        this question comes up every couple of days, but lets go again:

        default freebsd is configured as an endpoint / pfSense is configured as a router/firewall.
        freebsd doesn't do firewalling out of the box / pfSense does.
        Disabling firewalling on pfsense will increase your "bandwidth" performance somewhat … it won't be the same as clean freeBSD tho.

        to see' performance you should measure throughput, so instead of running iperf on pfSense run it like that:

        <iperf-client>  ---  <pfsense>---</pfsense></iperf-client>

        1 Reply Last reply Reply Quote 0
        • M
          MrCCL
          last edited by

          Ahh….it suddenly changed things :-)

          Now I get 112/MBs and no impact on CPU usage at all! :-)

          
[  4]   9.00-10.00  sec   112 MBytes   943 Mbits/sec

          I just expected that pfSense's router/firewall functionally wouldn't play any part if I did a router<->LAN test, but I guess I was wrong.
          I would of course expect a decrease in throughput going through the NAT/firewall (WAN <-> router <-> LAN).

          But this is of course not a in-real-life problem, as the pfsense rarely play any other server-role than being firewall.

          Running iperf3 on the router, not only I got the pure bandwidth, but it also used 100% usage.

          Thanks for clearing it out, and I'm sorry I missed the other threads about it…...I did search the forum but I guess I did a wrong search.

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            One of the many differences is iperf is in userland and packets moving to/from the network must go through kernel space to the userland, which is a lot of extra overhead. You can tweak the OS to be better at this, but sometimes comes as other costs. As a router/firewall, the packets stay in the kernel and certain optimizations can be done.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.